> I believe the original posters example was in his case all the filter was
> required to do was keep people form using NetMeeting and PCA and hence two
> denies and allowing everything else was the best solution for his case.
I won't argue about blocking various services...if that's what they want
to do, it's their filter. My point was that as the final rule in a filter
allowing IP traffic sourced from 0.0.0.0/0 is not a good idea unless you
have too many blocks of possibly valid source addresses and don't want to
load up the PM with filter rules. If you're bothering to setup filters,
blocking spoofed IP source addresses is a good idea...unless you want
smurf to be one of the "services" your users can use.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or
Network Administrator | drawn and quartered...whichever
Florida Digital Turnpike | is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>